Security Modules
Automated security checks for Linux and Windows — install via package manager or direct download.
Linux — Debian / Ubuntu
RecommendedInstall via the APT repository. Automatic updates via apt upgrade.
1. Import GPG key
curl -fsSL https://packages.brinkhaus-gmbh.de/gpg/brinkhaus.gpg | sudo gpg --dearmor -o /usr/share/keyrings/brinkhaus.gpg2. Add repository
echo "deb [signed-by=/usr/share/keyrings/brinkhaus.gpg] https://packages.brinkhaus-gmbh.de/deb stable main" \
| sudo tee /etc/apt/sources.list.d/brinkhaus.list3. Install
sudo apt update
sudo apt install fleetmanager-security4. Configure and start
# Copy and edit the example configuration
sudo cp /etc/fleetmanager-security/config.yaml.example /etc/fleetmanager-security/config.yaml
sudo nano /etc/fleetmanager-security/config.yaml
# Enable and start the service
sudo systemctl enable --now fleetmanager-securityLinux — RHEL / CentOS / Fedora
Install via the RPM repository or direct download.
1. Set up repository
sudo tee /etc/yum.repos.d/brinkhaus.repo << 'EOF'
[brinkhaus]
name=Brinkhaus GmbH Packages
baseurl=https://packages.brinkhaus-gmbh.de/rpm/
enabled=1
gpgcheck=1
gpgkey=https://packages.brinkhaus-gmbh.de/gpg/brinkhaus.gpg
EOF2. Install
# RHEL/CentOS
sudo yum install fleetmanager-security
# Fedora
sudo dnf install fleetmanager-security3. Configure and start
sudo cp /etc/fleetmanager-security/config.yaml.example /etc/fleetmanager-security/config.yaml
sudo nano /etc/fleetmanager-security/config.yaml
sudo systemctl enable --now fleetmanager-securityWindows
EXE installer for Windows Server 2016+ and Windows 10/11. The installer registers the agent as a Windows service.
FleetManager Security Agent for Windows
Setup wizard with automatic service registration
Download Windows InstallerInstallation
- Run the installer as Administrator
- Follow the setup wizard — the agent will be installed to
C:\Program Files\FleetManager Security - Edit the configuration at
C:\ProgramData\FleetManagerSecurity\config.yaml - The FleetManager Security Windows service is automatically registered and started
Service Management (PowerShell)
# Check status
Get-Service FleetManagerSecurity
# Restart service
Restart-Service FleetManagerSecurity
# View logs
Get-EventLog -LogName Application -Source FleetManagerSecurity -Newest 20Configuration
The agent is configured via a YAML file. Key settings:
FleetManager Connection
Server URL, bearer token, customer slug, and machine slug. Tokens are created in the FleetManager dashboard under Settings → Tokens.
Modules
Each module (sec-auth, sec-updates, sec-network, sec-firewall, sec-av) can be individually enabled/disabled and configured.
Check Interval
Default: every 5 minutes. Heartbeat interval configurable separately (default: 60 seconds).
Network Whitelist
Allowed listeners (port/protocol/bind address), loopback and Docker filtering.
Minimal Configuration
fleetmanager:
base_url: "https://fleet.brinkhaus-gmbh.de"
token: "fmt_YOUR_TOKEN"
customer: "your-customer"
machine: "your-server"
agent:
check_interval_seconds: 300
log_level: "INFO" Config paths:
Linux: /etc/fleetmanager-security/config.yaml
· Windows: C:\ProgramData\FleetManagerSecurity\config.yaml
Changelog
0.4.0 2026-03-11
Added
- Agent command system: modules can advertise available commands in the dashboard
- sec-firewall (Linux + Windows): "Renew baseline" command — update firewall baseline on demand from the dashboard
- Extensible command interface for all security modules
0.3.3 2026-03-11
Added
- sec-firewall (Linux): Docker rules are filtered before baseline comparison
Fixed
- Windows installer: Service start type explicitly set to "Automatic (Delayed Start)"
- sec-auth (Windows): More specific error message for event log access issues
0.3.2 2026-03-08
Fixed
- Version number in the agent runtime corrected
0.3.1 2026-03-08
Fixed
- Linux: systemd service missing run subcommand after package upgrade
0.3.0 2026-03-08
Fixed
- Windows installer: Service is automatically stopped before upgrade
0.2.9 2026-03-08
Added
- Diagnostic help texts: 70+ codes with explanations (DE + EN) for the dashboard
- Automatic help text transmission to FleetManager
- Extended principal filters for known user-space apps
Fixed
- sec-hardening: ip_forward on Docker/Podman hosts is tolerated
0.2.8 2026-03-08
Added
- Built-in filters: sec-tasks, sec-services, sec-network filter known software automatically
- sec-firewall: Rule diff in snapshot (added/removed rules visible)
- sec-hardening: root accepted as default NOPASSWD user
Fixed
- sec-auth (Windows): Event log query fixed on German systems
0.2.7 2026-03-08
Fixed
- Windows service crash: Signal handling in service context
- Windows service: Start type set to "Automatic (Delayed Start)"
- PowerShell UTF-8 encoding on German systems
0.2.6 2026-03-08
Added
- Setup wizard: Token, customer and machine configured during installation
- Subcommand fleetmanager-security configure
0.2.4 2026-03-06
Added
- Documentation and process improvements
0.2.3 2026-03-05
Added
- sec-integrity: Config field ignore_paths for whitelisting known files
Fixed
- sec-integrity: usr-merge fallback on resolved symlink paths
0.2.2 2026-03-05
Added
- Migration system: versioned state migrations on agent start
- sec-hardening: Trusted HTTPS package sources (Docker, Plesk, Brinkhaus)
- sec-hardening: Config field trusted_sources for custom trusted sources
Fixed
- sec-integrity: usr-merge compatibility for legacy paths
- sec-integrity: Stale package cache automatically cleaned on upgrade
0.2.0 2026-03-05
Added
- Windows module parity: 10 Linux + 10 Windows modules
- Compliance document with CIS Benchmark mapping
- 6 new Linux modules: sec-users, sec-cron, sec-services, sec-integrity, sec-hardening, sec-kernel
Start for free — 5 devices included
Fleet monitoring and security compliance in under 10 minutes. No credit card required.